Privilege escalation on Citrix NetScaler VPX through SSRF vulnerability
[+] buxuqua (@Buxu)
[Suggested description]
Through an SSRF attack, an attacker can escalate privileges to the nsroot user. As the nsroot user, the attacker can then execute remote commands with root privileges on the OS.
------------------------------------------
[VulnerabilityType Other]
Privilege Escalation to RCE
------------------------------------------
[Vendor of Product]
Citrix NetScaler
------------------------------------------
[Affected Product Code Base]
NetScaler VPX - <= NS12.0 53.13.nc
------------------------------------------
[Affected Component]
/rapi/read_url
------------------------------------------
[Attack Type]
Remote
------------------------------------------
[Impact Code execution]
true
------------------------------------------
[Impact Escalation of Privileges]
true
------------------------------------------
[Attack Vectors]
To exploit this vulnerability, an attacker must have an account on the Citrix
NetScaler VPX webapp (this account does not have any permissions on the webapp).
------------------------------------------
[Has vendor confirmed or acknowledged the vulnerability?]
true